fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts. It was found that in Linux kernel the mount table expands by a power-of-two with each bind mount command. If a system is configured to allow non-privileged user to do bind mounts, or allows to do so in a container or unprivileged mount namespace, then non-privileged user is able to cause a local DoS by overflowing the mount table, which causes a deadlock for the whole system.
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center